
[Cyber-Security Awareness Series] The Fault In Our Code

Today was no different. Malvika got up in the morning as usual, took a bath, got ready for the office, packed her lunch and stepped out. She had never imagined that her life would change completely the moment she stepped out of her home that day.

Malvika was a regular employee of the firm “ILoveITSoultions” with around five years of experience. Even though she had far less experience than the other developers, she was the go-to person everyone turned to for solutions. Having done her bachelor's in computer engineering at a well-known college, Malvika had joined the firm in 2013 and had been the star performer ever since. Her claim to fame came around two years back, when “ILoveITSoultions” bagged the prestigious multi-million-dollar project of digitizing the “BankWithUs” bank.

The project was a difficult one from the start. “BankWithUs” wanted to go digital in an extremely short time, around four months. It had legacy systems that had to be migrated to modern web components. While everyone called this an impossible feat, Malvika stepped forward to lead the project. Her confidence was appreciated, and she was handed responsibility for the project.

Malvika knew the project was enormous, but she only truly grasped it once she started working on it. The coding involved complex functions and modules. While the other components were taken care of, multi-platform concurrency and transactional integrity were a pain point for everyone. In simpler terms, if a person conducts multiple transactions at the same time on an ATM, by phone and online through net banking, the balance check and the withdrawal must behave as one atomic operation across all channels, so that a person cannot dupe the bank by withdrawing more than the amount present.
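The problem in the paragraph above is a classic check-then-act race (time-of-check to time-of-use). The simulation below is an added example, not code from the story or from any real banking system. It models the three channels as threads that all try to withdraw the full balance at the same instant. The account classes, the `simulate` helper and the `rendezvous` callback are constructed for the demonstration; the barrier only forces the worst-case interleaving so the outcome is reproducible. Note that making the deduction itself atomic is not enough; the check and the deduction must be atomic together.

```python
"""Race condition in check-then-withdraw, beside a hardened version.

Added example with a constructed scenario, not code from the story or from
any real bank. Three "channels" (ATM, phone, net banking) are modelled as
threads that try to withdraw at the same instant.
"""
import threading


class RacyAccount:
    """Vulnerable: the balance check and the deduction are two separate steps.

    The deduction itself is atomic (it takes a lock), which mirrors a real
    system where the UPDATE is atomic but the preceding SELECT is not. Every
    channel can pass the check before any channel deducts, so the stale check
    is trusted and the account is overdrawn."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw(self, amount, rendezvous):
        if self.balance < amount:       # check, outside any lock
            return False
        rendezvous()                    # every channel reaches this point before any deducts
        with self._lock:                # the deduction is atomic ...
            self.balance -= amount      # ... but acts on a stale check
        return True


class SafeAccount:
    """Hardened: check and deduction happen as one atomic step.

    In a real multi-channel system that atomicity belongs in the shared data
    store (a conditional UPDATE ... WHERE balance >= amount, or a row lock),
    not in a process-local lock; the lock here stands in for that."""

    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw(self, amount, rendezvous):
        rendezvous()                    # all channels arrive together ...
        with self._lock:                # ... but only one at a time may check-and-deduct
            if self.balance < amount:
                return False
            self.balance -= amount
            return True


def simulate(account_cls, balance, amount, channels=3):
    """Run `channels` simultaneous withdrawals of `amount` against one account.

    Returns (successful_withdrawals, final_balance). The Barrier makes the
    interleaving deterministic: no channel can deduct until every channel has
    reached the rendezvous point."""
    account = account_cls(balance)
    barrier = threading.Barrier(channels)
    outcomes = []
    outcomes_lock = threading.Lock()

    def channel():
        ok = account.withdraw(amount, barrier.wait)
        with outcomes_lock:
            outcomes.append(ok)

    threads = [threading.Thread(target=channel) for _ in range(channels)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(outcomes), account.balance


if __name__ == "__main__":
    # Constructed scenario: 1000 in the account, each of three channels asks for 1000.
    print("racy:", simulate(RacyAccount, 1000, 1000))  # (3, -2000): overdrawn by 2000
    print("safe:", simulate(SafeAccount, 1000, 1000))  # (1, 0): one succeeds, two are refused
```

With a partial amount the same pattern holds: three channels asking for 400 from 1000 all succeed against `RacyAccount` (balance -200), while `SafeAccount` allows exactly two and refuses the third.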

Other developers had declared it impossible, but within two days Malvika came up with a solution. No one ever understood how she did it; the time had come for that mystery to unfold.

The Chaos

It was utter chaos when Malvika reached the office that day. “BankWithUs” officials had threatened legal action against the company. “The fault is in your code,” claimed the bank officials. Everyone looked to Malvika for answers, as she had designed the final piece of that code. Malvika tried to pacify them and to understand the problem the bank officials were facing. The bank claimed that when a person logged in through multiple platforms at the same time, the software automatically created a suspense account and deposited $1024 into it. The sudden withdrawal of a total of a million dollars from many such suspense accounts had alerted the bank officials to the anomaly that day.

Malvika’s worst fears had been realized. She understood what must have happened but still could not answer a single query. The fact was that she had not written that code. It was someone else's.

Coding Ninja

Around two years back, when Malvika had given up hope of solving the final piece of code for the concurrency problem, she got an idea. “CodesForAll” was a budding social platform where coders from around the world gathered and solved problems together. You write up your problem and people give you solutions. Malvika decided to post the problem on the platform that day. She had nearly given up, as no one had responded by late evening, when her hopes rose again: an expert called “Coding Ninja” “poked” her. You see, “poking” meant sending a private message. Some coders like to be discreet. Malvika explained the problem in detail.

“Coding Ninja” accepted the challenge and promised to send the code the next day. Malvika had solved the problem at last, though not in the right way.

“Coding Ninja”, however, did not keep his promise. He poked Malvika again and explained that the problem was unsolvable. However, he could give it a second try if he had the complete code at his disposal. With timelines and deadlines racing, Malvika decided to take the plunge. She had not imagined that this plunge would drown her two years later.

Coding Ninja sent the code to Malvika the next day, and she flaunted it in her office. She did not know that the coder had written the solution so that every time the software hit such a concurrency conflict, it created a new suspense account. The amount of 1024 dollars was chosen to look like an innocuous power-of-two constant (1024 is the number of bytes in a kilobyte) rather than a hand-picked sum, so that it would not stand out to testing tools.
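The backdoor described above creates money with no source: a credit to a freshly minted account that no debit anywhere in the ledger pays for. A double-entry reconciliation catches exactly that, long before a million dollars walks out. The check below is an added example with a constructed ledger; it is not code from the story or from any real bank, and the account names, transaction ids and the `KNOWN_ACCOUNTS` register are assumptions made for the demonstration.

```python
"""Ledger reconciliation: find money that appears without a matching source.

Added example with constructed data, not code from the story or any real bank.
Every posting is (txn_id, account, delta). Double-entry rule: the deltas of
one txn_id must sum to zero, so the sum of all balances is always zero. A
backdoor that silently credits a suspense account breaks both invariants.
"""
from collections import defaultdict
from decimal import Decimal

# Constructed sample ledger. t3 is the backdoor's footprint: a 1024 credit to a
# suspense account that was never registered and has no debit leg.
LEDGER = [
    ("t1", "cust:alice", Decimal("-500")), ("t1", "atm:cash", Decimal("500")),
    ("t2", "cust:bob", Decimal("-200")), ("t2", "cust:alice", Decimal("200")),
    ("t3", "suspense:9f3a", Decimal("1024")),
    ("t4", "cust:alice", Decimal("-50")), ("t4", "merchant:coffee", Decimal("50")),
    ("t5", "suspense:9f3a", Decimal("-1024")), ("t5", "atm:cash", Decimal("1024")),
]

# Constructed register of accounts opened through the normal onboarding flow.
KNOWN_ACCOUNTS = {"cust:alice", "cust:bob", "atm:cash", "merchant:coffee"}


def unbalanced_transactions(ledger):
    """Transaction ids whose postings do not sum to zero (money created or destroyed)."""
    totals = defaultdict(Decimal)
    for txn_id, _account, delta in ledger:
        totals[txn_id] += delta
    return sorted(txn_id for txn_id, total in totals.items() if total != 0)


def unregistered_accounts(ledger, known):
    """Accounts that carry postings but were never opened through the normal flow."""
    return sorted({account for _txn_id, account, _delta in ledger} - known)


def balances(ledger):
    """Per-account balance derived from the postings."""
    totals = defaultdict(Decimal)
    for _txn_id, account, delta in ledger:
        totals[account] += delta
    return dict(totals)


def money_created(ledger):
    """Net money the system conjured: zero for a consistent double-entry ledger."""
    return sum(balances(ledger).values(), Decimal(0))


if __name__ == "__main__":
    print("unbalanced txns :", unbalanced_transactions(LEDGER))      # ['t3']
    print("unknown accounts:", unregistered_accounts(LEDGER, KNOWN_ACCOUNTS))  # ['suspense:9f3a']
    print("money created   :", money_created(LEDGER))                # 1024
```

Note that the withdrawal in t5 is itself perfectly balanced; only the creation in t3 is anomalous. That is why the reconciliation has to run over the whole ledger continuously rather than being triggered by the withdrawal that finally alerted the bank.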

The End

Malvika was relieved of her duties immediately, and both firms took legal action. “ILoveITSoultions” was sued for the same million dollars, because the fault was in its code.

What should we do?

There are multiple forums we use today to solve our coding problems. We Google our problems to find an easy or ready-made piece of code for the task at hand. It may seem easy to copy, but you may end up like Malvika. Never share original code or client code on such platforms. Do not paste code from such platforms directly into your applications either: code from an unknown third party is an unreviewed dependency, so at the very least read every line, understand what it does, and put it through the same code review and testing as your own.

Comments

Such a nice, very useful and informative blog. I am worried about hacking; I have all my password locks stored there, but in case it were hacked I would be totally smashed. So I need security, and the same goes for my mail too. I thought I should make a call to "Aol Support Number"; I thought they are helpful for this matter.


Disclaimer:

The views and opinions expressed herein are my own. They do NOT intend to represent the views or opinions of my employer or any other organization. Any information represented as fact are believed by me to be true, but I make no legal claim as to their certainty.